Google traffic hijacked via tiny Nigerian ISP

A tiny Nigerian ISP has hijacked internet traffic meant for Google’s data centers. The incident, called a BGP hijack, occurred yesterday, on November 12, between 13:12 and 14:35, Pacific time, according to Google.

The incident was first detected and reported by BGPmon, an online service that monitors the routes that internet traffic takes through the smaller internet service provider (ISP) networks that make up the larger internet.

According to BGPmon, the incident was caused by a small Nigerian ISP named MainOne Cable Company (AS37282), which announced to nearby ISPs that it was hosting IP addresses that were normally assigned to Google’s data center network.

The findings of that research paper, which were very controversial and politically charged, were confirmed last week by Oracle’s Internet Intelligence division (formerly known as Dyn).

BGP hijacks are considered highly dangerous, as it allows the unauthorized network through which the traffic goes to intercept, analyze, and log sensitive traffic that could be decrypted at a later date.

Yesterday’s temporary Google traffic redirection marks just another incident in a long list of BGP hijacks incidents that have been a major problem since the 1990s.

Even if the traffic “misdirection” by the Nigerian ISP was intentional or accidental, the problem still lies with the BGP itself, a protocol developed in the 1980s, which has no security features and is still used today to interconnect ISP networks and relay internet traffic.